问题描述
当我审核jhipster 6.10.1中的漏洞时,会发现以下内容:
D:\ JHipster \ liquidbasetwo> npm审核
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Prototype Pollution
Package lodash
Patched in >=4.17.19
Dependency of generator-jhipster [dev]
Path generator-jhipster > jhipster-core > lodash
More info https://npmjs.com/advisories/1523
Low Prototype Pollution
Package lodash AND OTHER LIKE THIS ONE
High Remote Code Execution
Package serialize-javascript
Patched in >=3.1.0
Dependency of workBox-webpack-plugin [dev]
Path workBox-webpack-plugin > workBox-build >
rollup-plugin-terser > serialize-javascript
More info https://npmjs.com/advisories/1548
found 5 vulnerabilities (4 low,1 high) in 2556 scanned packages
5 vulnerabilities require manual review. See the full report for details.
所以我尝试更新:npm install serialize-javascript,它给了我很多警告和一个高度脆弱的,不会消失的东西:
D:\JHipster\liquidbasetwo>npm install serialize-javascript
npm WARN @angular/[email protected] requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN @angular/[email protected] requires a peer of @angular/[email protected] but none is installed. You must install peer dependencies yourself.
npm WARN @angular/[email protected] requires a peer of @angular/[email protected] but none is installed. You must install peer dependencies yourself.
npm WARN @angular/platform-bro[email protected] requires a peer of @angular/[email protected] but none is installed. You must install peer dependencies yourself.
npm WARN @fortawesome/[email protected] requires a peer of @angular/core@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @fortawesome/[email protected] requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ng-bootstrap/[email protected] requires a peer of @angular/common@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ng-bootstrap/[email protected] requires a peer of @angular/core@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ng-bootstrap/[email protected] requires a peer of @angular/forms@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ng-bootstrap/[email protected] requires a peer of @angular/localize@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ng-bootstrap/[email protected] requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ngx-translate/[email protected] requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ngx-translate/[email protected] requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of [email protected] - 3 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of popper.js@^1.16.0 but none is installed. You must install peer dependencies yourself.
npm WARN codelyzer@5.2.2 requires a peer of @angular/core@>=2.3.1 <10.0.0 || >9.0.0-beta <10.0.0 || >9.1.0-beta <10.0.0 || >9.2.0-beta <10.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of @angular/common@^9.0.5 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of @angular/core@^9.0.5 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of @angular/common@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of @angular/core@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules\webpack-dev-server\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules\watchpack-chokidar2\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"x64"})
,然后在循环引用中再次提出。有没有办法停止所有这些并立即修复所有漏洞?
谢谢
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)